Merge branch 'develop' of github.com:sleuthkit/autopsy into 8425_linuxMacBuild

Greg DiCristofaro 2023-01-29 16:27:19 -05:00
commit 6a9c0eba6e
41 changed files with 1304 additions and 958 deletions

@ -64,8 +64,8 @@ file.reference.postgresql-42.3.5.jar=release/modules/ext/postgresql-42.3.5.jar
file.reference.Rejistry-1.1-SNAPSHOT.jar=release/modules/ext/Rejistry-1.1-SNAPSHOT.jar
file.reference.sevenzipjbinding-AllPlatforms.jar=release/modules/ext/sevenzipjbinding-AllPlatforms.jar
file.reference.sevenzipjbinding.jar=release/modules/ext/sevenzipjbinding.jar
file.reference.sleuthkit-4.11.1.jar=release/modules/ext/sleuthkit-4.11.1.jar
file.reference.sleuthkit-caseuco-4.11.1.jar=release/modules/ext/sleuthkit-caseuco-4.11.1.jar
file.reference.sleuthkit-4.12.0.jar=release/modules/ext/sleuthkit-4.12.0.jar
file.reference.sleuthkit-caseuco-4.12.0.jar=release/modules/ext/sleuthkit-caseuco-4.12.0.jar
file.reference.snakeyaml-1.30.jar=release/modules/ext/snakeyaml-1.30.jar
file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar

@ -611,12 +611,12 @@
<binary-origin>release/modules/ext/sevenzipjbinding.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/sleuthkit-4.11.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sleuthkit-4.11.1.jar</binary-origin>
<runtime-relative-path>ext/sleuthkit-4.12.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sleuthkit-4.12.0.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/sleuthkit-caseuco-4.11.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sleuthkit-caseuco-4.11.1.jar</binary-origin>
<runtime-relative-path>ext/sleuthkit-caseuco-4.12.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/sleuthkit-caseuco-4.12.0.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/snakeyaml-1.30.jar</runtime-relative-path>

@ -247,15 +247,10 @@ AddImageWizardIngestConfigPanel.dsProcDone.errs.text=*Errors encountered in addi
AddImageWizardIngestConfigVisual.getName.text=Configure Ingest
AddImageWizardIterator.stepXofN=Step {0} of {1}
AddLocalFilesTask.localFileAdd.progress.text=Adding: {0}/{1}
Case.getCurCase.exception.noneOpen=Cannot get the current case; there is no case open\!
Case.getCurCase.exception.noneOpen=Cannot get the current case; there is no case open!
Case.open.msgDlg.updated.msg=Updated case database schema.\nA backup copy of the database with the following path has been made:\n {0}
Case.open.msgDlg.updated.title=Case Database Schema Update
Case.checkImgExist.confDlg.doesntExist.msg=One of the images associated with \n\
this case are missing. Would you like to search for them now?\n\
Previously, the image was located at:\n\
{0}\n\
Please note that you will still be able to browse directories and generate reports\n\
if you choose No, but you will not be able to view file content or run the ingest process.
Case.checkImgExist.confDlg.doesntExist.msg=One of the images associated with \nthis case are missing. Would you like to search for them now?\nPreviously, the image was located at:\n{0}\nPlease note that you will still be able to browse directories and generate reports\nif you choose No, but you will not be able to view file content or run the ingest process.
Case.checkImgExist.confDlg.doesntExist.title=Missing Image
Case.addImg.exception.msg=Error adding image to the case
Case.updateCaseName.exception.msg=Error while trying to update the case name.
@ -274,12 +269,9 @@ Case.GetCaseTypeGivenPath.Failure=Unable to get case type
Case.metaDataFileCorrupt.exception.msg=The case metadata file (.aut) is corrupted.
Case.deleteReports.deleteFromDiskException.log.msg=Unable to delete the report from the disk.
Case.deleteReports.deleteFromDiskException.msg=Unable to delete the report {0} from the disk.\nYou may manually delete it from {1}
CaseDeleteAction.closeConfMsg.text=Are you sure want to close and delete this case? \n\
Case Name: {0}\n\
Case Directory: {1}
CaseDeleteAction.closeConfMsg.text=Are you sure want to close and delete this case? \nCase Name: {0}\nCase Directory: {1}
CaseDeleteAction.closeConfMsg.title=Warning: Closing the Current Case
CaseDeleteAction.msgDlg.fileInUse.msg=The delete action cannot be fully completed because the folder or file in it is open by another program.\n\n\
Close the folder and file and try again or you can delete the case manually.
CaseDeleteAction.msgDlg.fileInUse.msg=The delete action cannot be fully completed because the folder or file in it is open by another program.\n\nClose the folder and file and try again or you can delete the case manually.
CaseDeleteAction.msgDlg.fileInUse.title=Error: Folder In Use
CaseDeleteAction.msgDlg.caseDelete.msg=Case {0} has been deleted.
CaseOpenAction.autFilter.title={0} Case File ( {1})
@ -311,8 +303,7 @@ NewCaseWizardAction.databaseProblem1.text=Cannot open database. Cancelling case
NewCaseWizardAction.databaseProblem2.text=Error
NewCaseWizardPanel1.validate.errMsg.invalidSymbols=The Case Name cannot contain any of the following symbols: \\ / : * ? " &lt; > |
NewCaseWizardPanel1.validate.errMsg.dirExists=Case directory ''{0}'' already exists.
NewCaseWizardPanel1.validate.confMsg.createDir.msg=The base directory "{0}" does not exist. \n\n\
Do you want to create that directory?
NewCaseWizardPanel1.validate.confMsg.createDir.msg=The base directory "{0}" does not exist. \n\nDo you want to create that directory?
NewCaseWizardPanel1.validate.confMsg.createDir.title=Create directory
NewCaseWizardPanel1.validate.errMsg.cantCreateParDir.msg=Error: Could not create case parent directory {0}
NewCaseWizardPanel1.validate.errMsg.prevCreateBaseDir.msg=Prevented from creating base directory {0}
@ -369,8 +360,8 @@ UnpackageWorker.doInBackground.previouslySeenCase=Case has been previously opene
UpdateRecentCases.menuItem.clearRecentCases.text=Clear Recent Cases
UpdateRecentCases.menuItem.empty=-Empty-
AddImageWizardIngestConfigPanel.CANCEL_BUTTON.text=Cancel
NewCaseVisualPanel1.CaseFolderOnCDriveError.text=Warning: Path to multi-user case folder is on \"C:\" drive
NewCaseVisualPanel1.CaseFolderOnInternalDriveWindowsError.text=Warning: Path to case folder is on \"C:\" drive. Case folder is created on the target system
NewCaseVisualPanel1.CaseFolderOnCDriveError.text=Warning: Path to multi-user case folder is on "C:" drive
NewCaseVisualPanel1.CaseFolderOnInternalDriveWindowsError.text=Warning: Path to case folder is on "C:" drive. Case folder is created on the target system
NewCaseVisualPanel1.CaseFolderOnInternalDriveLinuxError.text=Warning: Path to case folder is on the target system. Create case folder in mounted drive.
NewCaseVisualPanel1.uncPath.error=Error: UNC paths are not allowed for Single-User cases
CollaborationMonitor.addingDataSourceStatus.msg={0} adding data source
@ -378,7 +369,7 @@ CollaborationMonitor.analyzingDataSourceStatus.msg={0} analyzing {1}
MissingImageDialog.lbWarning.text=
MissingImageDialog.lbWarning.toolTipText=
NewCaseVisualPanel1.caseParentDirWarningLabel.text=
NewCaseVisualPanel1.multiUserCaseRadioButton.text=Multi-User
NewCaseVisualPanel1.multiUserCaseRadioButton.text=Multi-User\t\t
NewCaseVisualPanel1.singleUserCaseRadioButton.text=Single-User
NewCaseVisualPanel1.caseTypeLabel.text=Case Type:
SingleUserCaseConverter.BadDatabaseFileName=Database file does not exist!

@ -5,10 +5,7 @@ CentralRepoCommentDialog.title.addEditCentralRepoComment=Add/Edit Central Reposi
OpenIDE-Module-Name=Central Repository
OpenIDE-Module-Display-Category=Ingest Module
OpenIDE-Module-Short-Description=Central Repository Ingest Module
OpenIDE-Module-Long-Description=\
Central Repository ingest module and central database. \n\n\
The Central Repository ingest module stores attributes of artifacts matching selected correlation types into a central database.\n\
Stored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
OpenIDE-Module-Long-Description=Central Repository ingest module and central database. \n\nThe Central Repository ingest module stores attributes of artifacts matching selected correlation types into a central database.\nStored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
CentralRepoCommentDialog.commentLabel.text=Comment:
CentralRepoCommentDialog.okButton.text=&OK
CentralRepoCommentDialog.cancelButton.text=C&ancel

@ -24,6 +24,7 @@ import org.openide.DialogDescriptor;
import org.openide.DialogDisplayer;
import org.openide.awt.ActionID;
import org.openide.awt.ActionReference;
import org.openide.awt.ActionRegistration;
import org.openide.util.NbBundle;
import org.openide.util.NbBundle.Messages;
@ -32,6 +33,7 @@ import org.openide.util.NbBundle.Messages;
* menu.
*/
@ActionID(id = "org.sleuthkit.autopsy.corecomponents.AboutWindowAction", category = "Help")
@ActionRegistration(displayName = "#CTL_CustomAboutAction", iconInMenu = true, lazy = false)
@ActionReference(path = "Menu/Help", position = 3000, separatorBefore = 2999)
public class AboutWindowAction extends AboutAction {

@ -1,3 +1,4 @@
CTL_CustomAboutAction=About
CTL_DataContentAction=DataContent
CTL_DataContentTopComponent=Data Content
OptionsCategory_Name_General=Application

@ -62,3 +62,4 @@ MimeTypePanel.noteLabel.text=*Note: Multiple MIME types can be selected
HashSearchPanel.sha256CheckBox.text=SHA-256:
HashSearchPanel.sha256TextField.text=
FileSearchPanel.closeButton.text=Close
DeletedFilesSearchPanel.deletedCheckbox.text=Deleted

@ -19,7 +19,7 @@ KnownStatusSearchPanel.knownCheckBox.text=Known Status:
KnownStatusSearchPanel.knownBadOptionCheckBox.text=Notable
KnownStatusSearchPanel.knownOptionCheckBox.text=Known (NSRL or other)
KnownStatusSearchPanel.unknownOptionCheckBox.text=Unknown
DateSearchFilter.noneSelectedMsg.text=At least one date type must be selected\!
DateSearchFilter.noneSelectedMsg.text=At least one date type must be selected!
DateSearchPanel.dateCheckBox.text=Date:
DateSearchPanel.jLabel4.text=Timezone:
DateSearchPanel.createdCheckBox.text=Created
@ -60,7 +60,7 @@ FileSearchPanel.search.results.details=Large number of matches may impact perfor
FileSearchPanel.search.exception.noFilterSelected.msg=At least one filter must be selected.
FileSearchPanel.search.validationErr.msg=Validation Error: {0}
FileSearchPanel.emptyWhereClause.text=Invalid options, nothing to show.
KnownStatusSearchFilter.noneSelectedMsg.text=At least one known status must be selected\!
KnownStatusSearchFilter.noneSelectedMsg.text=At least one known status must be selected!
NameSearchFilter.emptyNameMsg.text=Must enter something for name search.
SizeSearchPanel.sizeCompareComboBox.equalTo=equal to
SizeSearchPanel.sizeCompareComboBox.greaterThan=greater than
@ -81,3 +81,4 @@ MimeTypePanel.noteLabel.text=*Note: Multiple MIME types can be selected
HashSearchPanel.sha256CheckBox.text=SHA-256:
HashSearchPanel.sha256TextField.text=
FileSearchPanel.closeButton.text=Close
DeletedFilesSearchPanel.deletedCheckbox.text=Deleted

@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8" ?>
<Form version="1.5" maxVersion="1.9" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
<Properties>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[337, 49]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[337, 49]"/>
</Property>
</Properties>
<AuxValues>
<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="true"/>
<AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
<AuxValue name="designerSize" type="java.awt.Dimension" value="-84,-19,0,5,115,114,0,18,106,97,118,97,46,97,119,116,46,68,105,109,101,110,115,105,111,110,65,-114,-39,-41,-84,95,68,20,2,0,2,73,0,6,104,101,105,103,104,116,73,0,5,119,105,100,116,104,120,112,0,0,0,35,0,0,0,76"/>
</AuxValues>
<Layout class="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout"/>
<SubComponents>
<Component class="javax.swing.JCheckBox" name="deletedCheckbox">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/filesearch/Bundle.properties" key="DeletedFilesSearchPanel.deletedCheckbox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 0]"/>
</Property>
</Properties>
<Constraints>
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
<GridBagConstraints gridX="0" gridY="0" gridWidth="1" gridHeight="1" fill="0" ipadX="0" ipadY="0" insetsTop="0" insetsLeft="0" insetsBottom="0" insetsRight="0" anchor="18" weightX="1.0" weightY="1.0"/>
</Constraint>
</Constraints>
</Component>
</SubComponents>
</Form>

@ -0,0 +1,118 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2022 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.filesearch;
import java.awt.event.ActionListener;
import org.sleuthkit.datamodel.TskData;
class DeletedFilesSearchPanel extends javax.swing.JPanel {
private static final long serialVersionUID = 1L;
private final static String ALL_DELETED_CONTENT_QUERY = "( "
+ "(dir_flags = " + TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC.getValue() //NON-NLS
+ " OR " //NON-NLS
+ "meta_flags = " + TskData.TSK_FS_META_FLAG_ENUM.ORPHAN.getValue() //NON-NLS
+ ")"
+ " AND type = " + TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType() //NON-NLS
+ " )"
+ " OR type = " + TskData.TSK_DB_FILES_TYPE_ENUM.CARVED.getFileType() //NON-NLS
+ " OR (dir_flags = " + TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC.getValue()
+ " AND type = " + TskData.TSK_DB_FILES_TYPE_ENUM.LAYOUT_FILE.getFileType() + " )";
/**
* Creates new form DeletedFilesSearchPanel
*/
DeletedFilesSearchPanel() {
initComponents();
}
boolean isDeletedFileSelected() {
return deletedCheckbox.isSelected();
}
void setDeletedFileSelected(boolean selected) {
deletedCheckbox.setSelected(selected);
}
/**
* This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is always
* regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
java.awt.GridBagConstraints gridBagConstraints;
deletedCheckbox = new javax.swing.JCheckBox();
setMinimumSize(new java.awt.Dimension(337, 49));
setPreferredSize(new java.awt.Dimension(337, 49));
setLayout(new java.awt.GridBagLayout());
org.openide.awt.Mnemonics.setLocalizedText(deletedCheckbox, org.openide.util.NbBundle.getMessage(DeletedFilesSearchPanel.class, "DeletedFilesSearchPanel.deletedCheckbox.text")); // NOI18N
deletedCheckbox.setMinimumSize(new java.awt.Dimension(0, 0));
gridBagConstraints = new java.awt.GridBagConstraints();
gridBagConstraints.gridx = 0;
gridBagConstraints.gridy = 0;
gridBagConstraints.anchor = java.awt.GridBagConstraints.NORTHWEST;
gridBagConstraints.weightx = 1.0;
gridBagConstraints.weighty = 1.0;
add(deletedCheckbox, gridBagConstraints);
}// </editor-fold>//GEN-END:initComponents
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JCheckBox deletedCheckbox;
// End of variables declaration//GEN-END:variables
static final class DeletedFileSearchFilter extends AbstractFileSearchFilter<DeletedFilesSearchPanel> {
DeletedFileSearchFilter() {
super(new DeletedFilesSearchPanel());
}
@Override
public boolean isEnabled() {
return true;
}
@Override
public boolean isValid() {
return true;
}
@Override
public String getPredicate() throws FilterValidationException {
if (getComponent().isDeletedFileSelected()) {
return ALL_DELETED_CONTENT_QUERY;
}
return "";
}
@Override
public void addActionListener(ActionListener l) {
}
}
}
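Review bot: `ALL_DELETED_CONTENT_QUERY` has three top-level `OR` branches with no enclosing parentheses, so the string returned by `DeletedFileSearchFilter.getPredicate()` is only correct if the caller wraps each filter's predicate before joining them with `AND`. `FileSearchPanel.getQuery()` is not visible on this page, so that is unconfirmed. If predicates are concatenated bare, SQL precedence would bind the other filters (name, date, data source, …) to the first branch only, and carved files and unallocated layout files would be returned regardless of them. Making the constant self-contained removes that dependency: open it with `"(( "` and end it with `+ " ))";`. The fragment is built only from `TskData` enum values, so no user-supplied text reaches the SQL here; a one-line Javadoc on the constant stating which file types count as "deleted" is also missing.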

@ -16,6 +16,7 @@
<AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
<AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
<AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
<AuxValue name="designerSize" type="java.awt.Dimension" value="-84,-19,0,5,115,114,0,18,106,97,118,97,46,97,119,116,46,68,105,109,101,110,115,105,111,110,65,-114,-39,-41,-84,95,68,20,2,0,2,73,0,6,104,101,105,103,104,116,73,0,5,119,105,100,116,104,120,112,0,0,1,44,0,0,1,-112"/>
</AuxValues>
<Layout class="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout"/>

@ -47,6 +47,7 @@ import org.sleuthkit.autopsy.corecomponents.TableFilterNode;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.autopsy.datamodel.EmptyNode;
import org.sleuthkit.autopsy.filesearch.DeletedFilesSearchPanel.DeletedFileSearchFilter;
import org.sleuthkit.autopsy.filesearch.FileSearchFilter.FilterValidationException;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.SleuthkitCase;
@ -105,18 +106,19 @@ class FileSearchPanel extends javax.swing.JPanel {
SizeSearchFilter sizeFilter = new SizeSearchFilter();
DateSearchFilter dateFilter = new DateSearchFilter();
KnownStatusSearchFilter knowStatusFilter = new KnownStatusSearchFilter();
DeletedFileSearchFilter deleltedFilter = new DeletedFileSearchFilter();
HashSearchFilter hashFilter = new HashSearchFilter();
panel2.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.name"), nameFilter));
panel3.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.metadata"), sizeFilter));
panel2.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.metadata"), dateFilter));
panel3.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.knownStatus"), knowStatusFilter));
panel5.add(new FilterArea(NbBundle.getMessage(this.getClass(), "HashSearchPanel.md5CheckBox.text"), hashFilter));
panel5.add(new JLabel(""));
panel4.add(new FilterArea(NbBundle.getMessage(this.getClass(), "FileSearchPanel.filterTitle.metadata"), mimeTypeFilter));
panel4.add(new FilterArea(NbBundle.getMessage(this.getClass(), "DataSourcePanel.dataSourceCheckBox.text"), dataSourceFilter));
panel5.add(new FilterArea(NbBundle.getMessage(this.getClass(), "DeletedFilesSearchPanel.deletedCheckbox.text"), deleltedFilter));
filterPanel.add(panel1);
filterPanel.add(panel2);
filterPanel.add(panel3);
@ -130,6 +132,7 @@ class FileSearchPanel extends javax.swing.JPanel {
filters.add(hashFilter);
filters.add(mimeTypeFilter);
filters.add(dataSourceFilter);
filters.add(deleltedFilter);
for (FileSearchFilter filter : this.getFilters()) {
filter.addPropertyChangeListener(new PropertyChangeListener() {
@ -294,15 +297,7 @@ class FileSearchPanel extends javax.swing.JPanel {
*
* @throws
* org.sleuthkit.autopsy.filesearch.FileSearchFilter.FilterValidationException
* if
* an
* enabled
* filter
* is
* in
* an
* invalid
* state
* if an enabled filter is in an invalid state
*/
private String getQuery() throws FilterValidationException {
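Review bot: The new local in the `@ -105` hunk is spelled `deleltedFilter`, and the typo is carried into `panel5.add(new FilterArea(..., deleltedFilter))` in the same hunk and `filters.add(deleltedFilter)` in the `@ -130` hunk. Rename it to `deletedFilter` in all three places so it matches the `DeletedFileSearchFilter` type and the neighbouring `hashFilter` / `dateFilter` names. The enclosing method bodies start and end outside the hunks shown.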

@ -61,10 +61,7 @@ ImportCentralRepoDbProgressDialog.errorParsingFile.message=Error parsing hash se
ImportCentralRepoDbProgressDialog.linesProcessed.message=\ hashes processed
ImportCentralRepoDbProgressDialog.title.text=Central Repository Import Progress
OpenIDE-Module-Display-Category=Ingest Module
OpenIDE-Module-Long-Description=\
Hash Set ingest module. \n\n\
The ingest module analyzes files in the disk image and marks them as "known" (based on NSRL hashset lookup for "known" files) and "bad / interesting" (based on one or more hash sets supplied by the user).\n\n\
The module also contains additional non-ingest tools that are integrated in the GUI, such as file lookup by hash and hash set configuration.
OpenIDE-Module-Long-Description=Hash Set ingest module. \n\nThe ingest module analyzes files in the disk image and marks them as "known" (based on NSRL hashset lookup for "known" files) and "bad / interesting" (based on one or more hash sets supplied by the user).\n\nThe module also contains additional non-ingest tools that are integrated in the GUI, such as file lookup by hash and hash set configuration.
OpenIDE-Module-Name=HashDatabases
OptionsCategory_Name_HashDatabase=Hash Sets
OptionsCategory_Keywords_HashDatabase=Hash Sets
@ -191,10 +188,7 @@ HashDbSearchThread.name.searching=Searching
HashDbSearchThread.noMoreFilesWithMD5Msg=No other files with the same MD5 hash were found.
ModalNoButtons.indexingDbsTitle=Indexing hash sets
ModalNoButtons.indexingDbTitle=Indexing hash set
ModalNoButtons.exitHashDbIndexingMsg=You are about to exit out of indexing your hash sets. \n\
The generated index will be left unusable. If you choose to continue,\n\
please delete the corresponding -md5.idx file in the hash folder.\n\
Exit indexing?
ModalNoButtons.exitHashDbIndexingMsg=You are about to exit out of indexing your hash sets. \nThe generated index will be left unusable. If you choose to continue,\nplease delete the corresponding -md5.idx file in the hash folder.\nExit indexing?
ModalNoButtons.dlgTitle.unfinishedIndexing=Unfinished Indexing
ModalNoButtons.indexThis.currentlyIndexing1Db=Currently indexing 1 hash set
ModalNoButtons.indexThese.currentlyIndexing1OfNDbs=Currently indexing 1 of {0}

@ -123,8 +123,8 @@ FilesSetRulePanel.nameTextField.text=
FilesSetRulePanel.ruleNameLabel.text=Rule Name (Optional):
FilesSetRulePanel.messages.emptyNameCondition=You must specify a name pattern for this rule.
FilesSetRulePanel.messages.invalidNameRegex=The name regular expression is not valid:\n\n{0}
FilesSetRulePanel.messages.invalidCharInName=The name cannot contain \\, /, :, *, ?, \", <, or > unless it is a regular expression.
FilesSetRulePanel.messages.invalidCharInPath=The path cannot contain \\, :, *, ?, \", <, or > unless it is a regular expression.
FilesSetRulePanel.messages.invalidCharInName=The name cannot contain \\, /, :, *, ?, ", <, or > unless it is a regular expression.
FilesSetRulePanel.messages.invalidCharInPath=The path cannot contain \\, :, *, ?, ", <, or > unless it is a regular expression.
FilesSetRulePanel.messages.invalidPathRegex=The path regular expression is not valid:\n\n{0}
FilesSetDefsPanel.doFileSetsDialog.duplicateRuleSet.text=Rule set with name {0} already exists.
FilesSetRulePanel.pathSeparatorInfoLabel.text=Folder must be in parent path. Use '/' to give consecutive names

@ -24,7 +24,7 @@ PhotoRecIngestModule.complete.totalParsetime=Total Parsing Time:
PhotoRecIngestModule.complete.photoRecResults=PhotoRec Results
PhotoRecIngestModule.NotEnoughDiskSpace.detail.msg=PhotoRec error processing {0} with {1} Not enough space on primary disk to save unallocated space.
PhotoRecIngestModule.cancelledByUser=PhotoRec cancelled by user.
PhotoRecIngestModule.error.exitValue=PhotoRec carver returned error exit value \= {0} when scanning {1}
PhotoRecIngestModule.error.exitValue=PhotoRec carver returned error exit value = {0} when scanning {1}
PhotoRecIngestModule.error.msg=Error processing {0} with PhotoRec carver.
PhotoRecIngestModule.complete.numberOfErrors=Number of Errors while Carving:
PhotoRecCarverIngestJobSettingsPanel.detectionSettingsLabel.text=PhotoRec Settings

@ -9,6 +9,21 @@ PortableCaseTagsListPanel.error.noOpenCase=There is no case open
ReportGenerator.artTableColHdr.comment=Comment
ReportGenerator.errList.failedGetBBArtifactTags=Failed to get result tags.
ReportGenerator.errList.noOpenCase=No open case available.
# {0} - report module name
ReportGenerator.error.exception=Exception while running report module {0}
# {0} - report module name
ReportGenerator.error.invalidSettings=Invalid settings for report module {0}
# {0} - report module name
ReportGenerator.error.moduleNotFound=Report module {0} not found
# {0} - report module name
ReportGenerator.error.noFileReportSettings=No file report settings for report module {0}
ReportGenerator.error.noReportModules=No report modules found
# {0} - report module name
ReportGenerator.error.noTableReportSettings=No table report settings for report module {0}
# {0} - report configuration name
ReportGenerator.error.unableToLoadConfig=Unable to load reporting configuration {0}.
# {0} - report module name
ReportGenerator.error.unsupportedType=Report module {0} has unsupported report module type
ReportGenerator.tagTable.header.userName=User Name
ReportProgressIndicator.cancelledMessage=Report generation cancelled
ReportProgressIndicator.completedMessage=Report generation completed

@ -5,8 +5,8 @@ ReportHTML.getName.text=HTML Report
ReportHTML.getDesc.text=A report about results and tagged items in HTML format.
ReportHTML.writeIndex.title=for case {0}
ReportHTML.writeIndex.noFrames.msg=Your browser is not compatible with our frame setup.
ReportHTML.writeIndex.noFrames.seeNav=Please see <a href\="content\nav.html">the navigation page</a> for artifact links,
ReportHTML.writeIndex.seeSum=and <a href\="content\summary.html">the summary page</a> for a case summary.
ReportHTML.writeIndex.noFrames.seeNav=Please see <a href="content\nav.html">the navigation page</a> for artifact links,
ReportHTML.writeIndex.seeSum=and <a href="contentsummary.html">the summary page</a> for a case summary.
ReportHTML.writeNav.title=Report Navigation
ReportHTML.writeNav.h1=Report Navigation
ReportHTML.writeNav.summary=Case Summary
@ -16,7 +16,7 @@ ReportHTML.writeSum.caseNumber=Case Number:
ReportHTML.writeSum.caseNumImages=Number of data sources in case:
ReportHTML.writeSum.examiner=Examiner:
ReportHTML.writeSum.title=Case Summary
ReportHTML.writeSum.warningMsg=<span>Warning, this report was run before ingest services completed\!</span>
ReportHTML.writeSum.warningMsg=<span>Warning, this report was run before ingest services completed!</span>
#
# autopsy/test/scripts/regression.py._html_report_diff() uses reportGenOn.text, caseName, caseNum,
# examiner as a regex signature to skip report.html and summary.html
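Review bot: The two `href` values in the no-frames fallback text are broken by backslash handling in `.properties` parsing. In `ReportHTML.writeIndex.noFrames.seeNav` the `\n` in `content\nav.html` is read as a newline, and in `ReportHTML.writeIndex.seeSum` the backslash is dropped, leaving `contentsummary.html` as the new line now shows. If this file is regenerated from a source bundle (the unescaped `!` and `=` suggest so), the fix belongs in that source file. Use a forward slash, which is also the correct separator for a URL path: `href="content/nav.html"` and `href="content/summary.html"`.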

@ -14,7 +14,7 @@
<!-- for viewers -->
<dependency conf="autopsy_core->default" org="org.freedesktop.gstreamer" name="gst1-java-core" rev="1.4.0"/>
<dependency conf="autopsy_core->default" org="net.java.dev.jna" name="jna-platform" rev="5.12.0"/>
<dependency conf="autopsy_core->default" org="net.java.dev.jna" name="jna-platform" rev="5.13.0"/>
<!-- for file search -->
<dependency conf="autopsy_core->default" org="com.github.lgooddatepicker" name="LGoodDatePicker" rev="11.2.1"/>

@ -88,8 +88,8 @@ file.reference.jericho-html-3.4.jar=release/modules/ext/jericho-html-3.4.jar
file.reference.jfxtras-common-8.0-r4.jar=release/modules/ext/jfxtras-common-8.0-r4.jar
file.reference.jfxtras-controls-8.0-r4.jar=release/modules/ext/jfxtras-controls-8.0-r4.jar
file.reference.jfxtras-fxml-8.0-r4.jar=release/modules/ext/jfxtras-fxml-8.0-r4.jar
file.reference.jna-5.12.1.jar=release/modules/ext/jna-5.12.1.jar
file.reference.jna-platform-5.12.0.jar=release/modules/ext/jna-platform-5.12.0.jar
file.reference.jna-5.13.0.jar=release/modules/ext/jna-5.13.0.jar
file.reference.jna-platform-5.13.0.jar=release/modules/ext/jna-platform-5.13.0.jar
file.reference.joda-time-2.10.14.jar=release/modules/ext/joda-time-2.10.14.jar
file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
file.reference.LGoodDatePicker-11.2.1.jar=release/modules/ext/LGoodDatePicker-11.2.1.jar

@ -821,12 +821,12 @@
<binary-origin>release/modules/ext/jfxtras-fxml-8.0-r4.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/jna-5.12.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jna-5.12.1.jar</binary-origin>
<runtime-relative-path>ext/jna-5.13.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jna-5.13.0.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/jna-platform-5.12.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jna-platform-5.12.0.jar</binary-origin>
<runtime-relative-path>ext/jna-platform-5.13.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jna-platform-5.13.0.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/joda-time-2.10.14.jar</runtime-relative-path>

@ -371,7 +371,6 @@ SolrSearchService.exceptionMessage.noCurrentSolrCore=IndexMetadata did not conta
SolrSearchService.exceptionMessage.noIndexMetadata=Unable to create IndexMetaData from case directory: {0}
# {0} - collection name
SolrSearchService.exceptionMessage.unableToDeleteCollection=Unable to delete collection {0}
SolrSearchService.indexingError=Unable to index blackboard artifact.
SolrSearchService.ServiceName=Solr Keyword Search Service
SolrSearchService.DeleteDataSource.msg=Error Deleting Solr data for data source id {0}
DropdownSingleTermSearchPanel.dataSourceCheckBox.text=Restrict search to the selected data sources:

@ -1,3 +1,52 @@
---------------- VERSION 4.20.0 --------------
Recent Activity Updates:
- Added Favicons, Profiles and Extensions to Chromium Browsers
- Added Security Questions/Answers from SAM registry Hive
Data Source Processing
- Added Jython Support for Data Source Processor modules.
- Added example Python DSP plugin
Ingest Pipelines
- Added new DataArtifact ingest pipeline that artifacts will go down.
- Moved Keyword search functionality for artifacts to the new pipeline.
Linux / Mac Improvements
- Script to install prerequisites using Homebrew and Debian package.
- Script that allows you to install TSK from source
- Script that sets JAVA home per install
- Updating Linux and Mac Installation Documentation
Command Line Interface
- Simplified command line input parameters
- The -listAllIngestProfiles switch was added
- The -nogui switch now works.
- Return codes now reflect if the application failed
Bug Fixes:
- Solr 8.11.2 Upgrade which includes update to Log4j to version 2.17.1
- Change Timezone format for Plaso output.
- Regex fix for Mbox parsing.
- Portable Case report string index out of range -1 fixed
- Extracting files, numbering of files and overwriting of files.
- Image tagging
- Joda-Time updated from 2.4 to 2.10 - fixes certain timezone errors
Misc:
- Update to USB id's.
- Update Tesseract to 4.10.
- Moved configuration settings to separate ones that are machine-dependent.
- Interesting files and file filters can now exclude certain features, such as folders.
- Adds host to artifact content viewer.
- When an OS Account is selected the Other Occurrences tab will no longer show the open case in the case list.
- The Communication window Message Viewer Threads panel layout was cleaned up so that the buttons are visible despite the subject length.
- Limit ingest inbox messages to first 20 keyword hits
- GStreamer update to version 1.20.0
- libheif v1.12.0 replaces ImageMagick
- Removal of 32bit version of Autopsy
---------------- VERSION 4.19.3 --------------
Bug Fixes:
- Updates for log4j vulnerabilities.

@ -4,10 +4,15 @@ cannotParseXml=Unable to parse XML file:
ChromeCacheExtract_adding_artifacts_msg=Chrome Cache: Adding %d artifacts for analysis.
ChromeCacheExtract_adding_extracted_files_msg=Chrome Cache: Adding %d extracted files for analysis.
ChromeCacheExtract_loading_files_msg=Chrome Cache: Loading files from %s.
# {0} - module name
# {1} - row number
# {2} - table length
# {3} - cache path
ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries from {3}
DataSourceUsage_AndroidMedia=Android Media Card
DataSourceUsage_DJU_Drone_DAT=DJI Internal SD Card
DataSourceUsage_FlashDrive=Flash Drive
# {0} - OS name
DataSourceUsageAnalyzer.customVolume.label=OS Drive ({0})
DataSourceUsageAnalyzer.displayName=Data Source Usage Analyzer
DefaultPriorityDomainCategorizer_searchEngineCategory=Search Engine
@ -21,6 +26,7 @@ ExtractEdge_process_errMsg_spartanFail=Failure processing Microsoft Edge spartan
ExtractEdge_process_errMsg_unableFindESEViewer=Unable to find ESEDatabaseViewer
ExtractEdge_process_errMsg_webcacheFail=Failure processing Microsoft Edge WebCacheV01.dat file
ExtractFavicon_Display_Name=Favicon
# {0} - sub module name
ExtractIE_executePasco_errMsg_errorRunningPasco={0}: Error analyzing Internet Explorer web history
ExtractOs.androidOs.label=Android
ExtractOs.androidVolume.label=OS Drive (Android)
@ -53,6 +59,7 @@ ExtractOs.windowsVolume.label=OS Drive (Windows)
ExtractOs.yellowDogLinuxOs.label=Linux (Yellow Dog)
ExtractOs.yellowDogLinuxVolume.label=OS Drive (Linux Yellow Dog)
ExtractOS_progressMessage=Checking for OS
# {0} - sub module name
ExtractPrefetch_errMsg_prefetchParsingFailed={0}: Error analyzing prefetch files
ExtractPrefetch_module_name=Windows Prefetch Analyzer
ExtractRecycleBin_module_name=Recycle Bin Analyzer
@ -163,15 +170,21 @@ Firefox.getDlV24.errMsg.errAnalyzeFile={0}: Error while trying to analyze file:{
Firefox.getDlV24.errMsg.errParsingArtifacts={0}: Error parsing {1} Firefox web download artifacts.
Progress_Message_Analyze_Registry=Analyzing Registry Files
Progress_Message_Analyze_Usage=Data Sources Usage Analysis
# {0} - browserName
Progress_Message_Chrome_AutoFill=Chrome Auto Fill Browser {0}
# {0} - browserName
Progress_Message_Chrome_Bookmarks=Chrome Bookmarks Browser {0}
Progress_Message_Chrome_Cache=Chrome Cache
# {0} - browserName
Progress_Message_Chrome_Cookies=Chrome Cookies Browser {0}
# {0} - browserName
Progress_Message_Chrome_Downloads=Chrome Downloads Browser {0}
Progress_Message_Chrome_Extensions=Chrome Extensions {0}
Progress_Message_Chrome_Favicons=Chrome Downloads Favicons {0}
Progress_Message_Chrome_FormHistory=Chrome Form History
# {0} - browserName
Progress_Message_Chrome_History=Chrome History Browser {0}
# {0} - browserName
Progress_Message_Chrome_Logins=Chrome Logins Browser {0}
Progress_Message_Chrome_Profiles=Chrome Profiles {0}
Progress_Message_Edge_Bookmarks=Microsoft Edge Bookmarks
@ -234,6 +247,7 @@ Sam_Security_Answer_3_Attribute_Display_Name=Security Answer 3
Sam_Security_Question_1_Attribute_Display_Name=Security Question 1
Sam_Security_Question_2_Attribute_Display_Name=Security Question 2
Sam_Security_Question_3_Attribute_Display_Name=Security Question 3
# {0} - file name
SearchEngineURLQueryAnalyzer.init.exception.msg=Unable to find {0}.
SearchEngineURLQueryAnalyzer.moduleName.text=Search Engine Query Analyzer
SearchEngineURLQueryAnalyzer.engineName.none=NONE


@ -570,11 +570,13 @@ class Chromium extends Extract {
JsonObject permissions = ext.get("active_permissions").getAsJsonObject();
JsonArray apiPermissions = permissions.get("api").getAsJsonArray();
for (JsonElement apiPermission : apiPermissions) {
String apigrantEl = apiPermission.getAsString();
if (apigrantEl != null) {
apiGrantedPermissions = apiGrantedPermissions + ", " + apigrantEl;
} else {
apiGrantedPermissions = apiGrantedPermissions + "";
if (apiPermission.isJsonPrimitive()) {
String apigrantEl = apiPermission.getAsString();
if (apigrantEl != null) {
apiGrantedPermissions = apiGrantedPermissions + ", " + apigrantEl;
} else {
apiGrantedPermissions = apiGrantedPermissions + "";
}
}
}
}
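Review bot: The added `isJsonPrimitive()` guard covers only the array elements; `ext.get("active_permissions")` and `permissions.get("api")` in the two lines above the loop are still dereferenced without a null or type check. An extension entry that lacks either key, or holds something other than an object or array there, would throw before the loop is reached, unless that is caught outside the hunk. This content presumably comes from browser profile files in the data source under analysis, so I would guard it the same way, e.g. `JsonElement api = permissions.get("api");` followed by `if (api != null && api.isJsonArray()) {` around the loop. Inside the new block the `else` branch that appends `""` is a no-op and could be dropped. The enclosing method starts and ends outside the hunk.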


@ -1,138 +1,22 @@
# Overview
*The installation process requires some [prerequisites](#installing-prerequisites), [The Sleuth Kit](#install-sleuthkit), and installing [Autopsy itself](#install-autopsy). If using Windows, there is a pre-built installer bundling all dependencies that can be found in the [Autopsy downloads section](https://www.autopsy.com/download/) or in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/).*
When installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself. On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths).
# Installing Prerequisites
- **Linux**: Run [`linux_macos_install_scripts/install_prereqs_ubuntu.sh`](./linux_macos_install_scripts/install_prereqs_ubuntu.sh).
- **macOS**: Run [`linux_macos_install_scripts/install_prereqs_macos.sh`](./linux_macos_install_scripts/install_prereqs_macos.sh). This script requires the package manager: [Homebrew](https://brew.sh/), which has installation steps on their site.
## On macOS
*NOTE: The last output of the script is the path to the Java 8 installation. You will want to note that path when installing Autopsy.*
*A script to install these dependencies that can be found [here](./linux_macos_install_scripts/install_prereqs_macos.sh). Make sure the script is executable before running.*
- Using [Homebrew](https://brew.sh/), install dependencies that have formulas:
```
brew install ant automake libtool afflib libewf postgresql testdisk
```
- You will also need to install Java 8 and JavaFX to run autopsy. We recommend Liberica OpenJDK which can be installed by tapping this third-party dependency:
```
brew tap bell-sw/liberica
```
- Then, you can install this dependency using `brew`:
```
brew install --cask liberica-jdk8-full
```
- - Confirm that java has been successfully installed by running `java -version`. You should get a result like the following:
```
% java -version
openjdk version "1.8.0_342"
OpenJDK Runtime Environment (build 1.8.0_342-b07)
OpenJDK 64-Bit Server VM (build 25.342-b07, mixed mode)
```
- You will need the java path for properly setting up autopsy. You can get the path to java by calling:
```
/usr/libexec/java_home -v 1.8
```
- If you want gstreamer to open media, you can download and install gstreamer here: `https://gstreamer.freedesktop.org/data/pkg/osx/1.20.3/gstreamer-1.0-1.20.3-universal.pkg`
# Installing The Sleuth Kit
- **Linux**: Download the .deb file for the release you want to install from the [release section](https://github.com/sleuthkit/sleuthkit/releases). Install The Sleuth Kit package from the repositories with the following command: `sudo apt update && sudo apt install /path/to/sleuthkit-version.deb`.
- **macOS**: Ensure that for this session, your `JAVA_HOME` variable is set to the java 8 installation by running `export JAVA_HOME=$(/usr/libexec/java_home -v 1.8)/bin/java`. Then, install The Sleuth Kit from source by running [`linux_macos_install_scripts/install_tsk_from_src.sh`](./linux_macos_install_scripts/install_tsk_from_src.sh), which will download, build, and install The Sleuth Kit. It can be run as follows: `install_tsk_from_src.sh -p ~/src/sleuthkit -b sleuthkit-4.11.1`. Make sure that your path to download source ends with "sleuthkit" as the last directory, and the release is the corresponding tag in the [repository](https://github.com/sleuthkit/sleuthkit).
## On Linux (Ubuntu / Debian-based)
*A script to install these dependencies that can be found [here](./linux_macos_install_scripts/install_prereqs_ubuntu.sh). Make sure the script is executable before running.*
- You will need to include some repositories in order to install this software. One way to do that is to uncomment lines in your `sources.list`:
```
sudo sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
```
- Use `apt` to install dependencies:
```
sudo apt update && \
sudo apt -y install build-essential autoconf libtool git-core automake git zip wget ant \
libde265-dev libheif-dev \
libpq-dev \
testdisk libafflib-dev libewf-dev libvhdi-dev libvmdk-dev \
libgstreamer1.0-0 gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad \
gstreamer1.0-plugins-ugly gstreamer1.0-libav gstreamer1.0-tools gstreamer1.0-x \
gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-gtk3 gstreamer1.0-qt5 gstreamer1.0-pulseaudio
```
- You will also need to install Java 8 and JavaFX to run autopsy. We recommend Liberica OpenJDK which can be installed as follows:
```
pushd /usr/src/ && \
wget -q -O - https://download.bell-sw.com/pki/GPG-KEY-bellsoft | sudo apt-key add - && \
echo "deb [arch=amd64] https://apt.bell-sw.com/ stable main" | sudo tee /etc/apt/sources.list.d/bellsoft.list && \
sudo apt update && \
sudo apt -y install bellsoft-java8-full && \
popd
```
- Confirm that java has been successfully installed by running `java -version`. You should get a result like the following:
```
% java -version
openjdk version "1.8.0_342"
OpenJDK Runtime Environment (build 1.8.0_342-b07)
OpenJDK 64-Bit Server VM (build 25.342-b07, mixed mode)
```
- Take note of the location of the java 1.8 install. This will be necessary to properly setup Autopsy. If using the recommended method, the path should be `/usr/lib/jvm/bellsoft-java8-full-amd64`
# Install The Sleuth Kit
The Sleuth Kit must be installed before trying to install Autopsy. If you are on a Debian-like system (i.e. Ubuntu) you can download the most recent deb file from the [github release section](https://github.com/sleuthkit/sleuthkit/releases), and install by running something like `sudo apt install ./sleuthkit-java_4.11.1-1_amd64.deb`. Otherwise, you can follow the directions below to install The Sleuth Kit from source code.
## Install The Sleuth Kit from Source
*A script to install these dependencies on Unix-like systems (i.e. macOS, Linux) that can be found [here](./linux_macos_install_scripts/install_tsk_from_src.sh). Make sure the script is executable before running.*
- Please ensure you have all the prerequisites installed on your system (see the directions [here](#installing-prerequisites)).
- If you don't have a copy of the repository on your local machine, clone it (this requires git):
```
git clone --depth 1 https://github.com/sleuthkit/sleuthkit.git
```
- If you want to build source from a particular branch or tag (i.e. `develop` or `release-4.11.0`), check out that branch:
```
git checkout <YOUR BRANCH HERE> && git pull
```
- Then, with The Sleuth Kit repo as your working directory, you can build with:
```
./bootstrap && ./configure && make
```
- If the output from `make` looks good, then install:
```
sudo make install
```
# Install Autopsy
## Create Autopsy Zip File from Source
*In most instances, you should download the Autopsy Zip file from the [Autopsy downloads section](https://www.autopsy.com/download/) or in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/), but if you have a special use case you can do the following. Please make sure you have the [prerequisites installed](#installing-prerequisites) and have [installed The Sleuth Kit](#install-sleuthkit).*
- If you haven't already, clone the repo:
```
git clone --depth 1 https://github.com/sleuthkit/autopsy.git
```
- With the autopsy repo as your working directory, you can run:
```
ant clean && ant build && ant build-zip
```
- The zip file should be created within the `dist` folder of the Autopsy repository and will have the version in the name (i.e. `autopsy-4.18.0.zip`).
## Install Autopsy from Zip File
*These instructions are for Unix-like systems like macOS and Linux. If you are on Windows, there is an installer that can be downloaded from the [Autopsy downloads section](https://www.autopsy.com/download/) or in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/). Please make sure you have the [prerequisites installed](#installing-prerequisites) and have [installed The Sleuth Kit](#install-sleuthkit). A script to perform these steps can be found [here](./linux_macos_install_scripts/install_application.sh). Make sure the script is executable before running.*
- Download the zip file from the [Autopsy downloads section](https://www.autopsy.com/download/) or in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/). You can also create a zip file from source using [these directions](#create-autopsy-zip-file-from-source).
- If you downloaded the zip file, you can verify the zip file with the [The Sleuth Kit key](https://sleuthkit.org/carrier.asc) and the related `.asc` file found in the [Releases section on GitHub](https://github.com/sleuthkit/autopsy/releases/). For instance, you would use `autopsy-4.18.0.zip.asc` with `autopsy-4.18.0.zip`. Here is an example where `$ASC_FILE` is the path to the `.asc` file and `$AUTOPSY_ZIP_PATH` is the path to the autopsy zip file:
```
mkdir -p ${VERIFY_DIR} && \
pushd ${VERIFY_DIR} && \
wget https://sleuthkit.org/carrier.asc && \
gpg --homedir "${VERIFY_DIR}" --import https://sleuthkit.org/carrier.asc && \
gpg --homedir "${VERIFY_DIR}" --keyring "${VERIFY_DIR}/pubring.kbx" ${ASC_FILE} ${AUTOPSY_ZIP_PATH} && \
rm -r ${VERIFY_DIR}
popd
```
- Extract the zip file to a location where you would like to have Autopsy installed.
- Set up java path. There are two ways to provide the path to java: `JAVA_HOME` can be set as an environmental variable or the `autopsy.conf` file can define the home for java.
- To update the `autopsy.conf` file, navigate to where autopsy has been extracted and then open `etc/autopsy.conf`. Within that file, replace the commented line or add a new line specifying the java home like: `jdkhome=<JAVA_PATH>`. Another option is to provide an argument to `unix_setup.sh` like the following `unix_setup.sh -j <JAVA_PATH>` when performing the next step.
- With the extracted folder as the working directory, you can run the following commands to perform setup:
```
chown -R $(whoami) . && \
chmod u+x ./unix_setup.sh && \
./unix_setup.sh
```
- At this point, you should be able to run Autopsy with the command `./autopsy` from within the `bin` directory of the extracted folder.
## Setup macOS JNA paths
A few features in Autopsy will only work (i.e. gstreamer) if the JNA paths are specified. If you installed the necessary dependencies through Homebrew, you will want to either run this [script](./linux_macos_install_scripts/add_macos_jna.sh) or manually add all the gstreamer lib and dependency lib paths to the env variable `jre_flags` with jre flag: `-Djna.library.path`.
# Installing Autopsy
- Download the Autopsy zip file from [repository releases](https://github.com/sleuthkit/autopsy/releases). The file will be marked as "autopsy-&lt;release&gt;.zip" (i.e. "autopsy-4.19.2.zip").
- Run [`install_application.sh`](./linux_macos_install_scripts/install_application.sh) with the following parameters: `install_application.sh [-z zip_path] [-i install_directory] [-j java_home]`. An example would be `install_application.sh -z ~/Downloads/autopsy-4.19.2.zip -i ~/autopsy -j /usr/lib/jvm/bellsoft-java8-full-amd64`. The path to the Java 8 home is the last output from the [prequisites installation scripts](#installing-prerequisites), but typically, the path will be `/usr/lib/jvm/bellsoft-java8-full-amd64` on Debian-based Linux or the output of running `/usr/libexec/java_home -v 1.8` on macOS.
# Setup macOS JNA paths
If you are on macOS, run [linux_macos_install_scripts/add_macos_jna.sh](./linux_macos_install_scripts/add_macos_jna.sh) to properly setup the jna path to get things like gstreamer working. An example would be `add_macos_jna.sh -i ~/autopsy`.
# Troubleshooting
- If you see something like "Cannot create case: javafx/scene/paint/Color" it is an indication that Java FX
@ -166,6 +50,5 @@ A few features in Autopsy will only work (i.e. gstreamer) if the JNA paths are s
- Recent Activity
- The LEAPP processors
- HEIF processing
- Timeline does not work on OS X
- Video thumbnails
- VHD and VMDK files not supported on OS X


@ -1,3 +1,3 @@
<project name="TSK_VERSION">
<property name="TSK_VERSION" value="4.11.1"/>
<property name="TSK_VERSION" value="4.12.0"/>
</project>


@ -50,6 +50,15 @@
<specification-version>10.24</specification-version>
</run-dependency>
</dependency>
<dependency>
<code-name-base>org.sleuthkit.autopsy.corelibs</code-name-base>
<build-prerequisite/>
<compile-dependency/>
<run-dependency>
<release-version>3</release-version>
<specification-version>1.4</specification-version>
</run-dependency>
</dependency>
<dependency>
<code-name-base>org.sleuthkit.autopsy.coretestlibs</code-name-base>
<build-prerequisite/>


@ -25,18 +25,33 @@ import java.awt.Toolkit;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.text.DateFormat;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.function.Function;
import java.util.logging.Logger;
import java.util.logging.Level;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.imageio.ImageIO;
import javax.swing.JDialog;
import javax.swing.text.JTextComponent;
import javax.swing.tree.TreePath;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.lang3.tuple.Triple;
import org.netbeans.jellytools.MainWindowOperator;
import org.netbeans.jellytools.NbDialogOperator;
import org.netbeans.jellytools.WizardOperator;
@ -59,6 +74,7 @@ import org.netbeans.jemmy.operators.JTreeOperator;
import org.netbeans.jemmy.operators.JTreeOperator.NoSuchPathException;
import org.sleuthkit.autopsy.core.UserPreferences;
import org.sleuthkit.autopsy.core.UserPreferencesException;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.events.MessageServiceConnectionInfo;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.CaseDbConnectionInfo;
@ -69,6 +85,13 @@ public class AutopsyTestCases {
private static final Logger logger = Logger.getLogger(AutopsyTestCases.class.getName()); // DO NOT USE AUTOPSY LOGGER
private long start;
// by default, how many minutes jemmy waits for a dialog to appear (default is 1 minute).
private static final long DIALOG_FIND_TIMEOUT_MINUTES = 5;
static {
Timeouts.setDefault("Waiter.WaitingTime", DIALOG_FIND_TIMEOUT_MINUTES * 60 * 1000);
}
/**
* Escapes the slashes in a file or directory path.
*
@ -104,8 +127,9 @@ public class AutopsyTestCases {
JButtonOperator jbo = new JButtonOperator(nbdo, 0); // the "New Case" button
jbo.pushNoBlock();
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -125,8 +149,9 @@ public class AutopsyTestCases {
start = System.currentTimeMillis();
wo.btFinish().clickMouse();
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -159,8 +184,9 @@ public class AutopsyTestCases {
comboBoxOperator.setSelectedItem("(GMT-5:00) America/New_York");
wo.btNext().clickMouse();
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -194,8 +220,9 @@ public class AutopsyTestCases {
fileChooserOperator.chooseFile(new File(getEscapedPath(System.getProperty("img_path"))).getName());
wo.btNext().clickMouse();
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -208,8 +235,9 @@ public class AutopsyTestCases {
logger.log(Level.INFO, "Add image took {0}ms", (System.currentTimeMillis() - start));
wo.btFinish().clickMouse();
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -234,8 +262,9 @@ public class AutopsyTestCases {
jbo1.pushNoBlock();
logger.info("Pushed Global Settings button for hash lookup module in ingest job settings panel");
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -273,8 +302,9 @@ public class AutopsyTestCases {
JButtonOperator jbo4 = new JButtonOperator(hashMainDialogOperator, "OK", 0);
jbo4.pushNoBlock();
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -293,8 +323,9 @@ public class AutopsyTestCases {
jbo1.pushNoBlock();
logger.info("Pushed Global Settings button for keyword search module in ingest job settings panel");
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -326,8 +357,9 @@ public class AutopsyTestCases {
new Timeout("pausing", 10000).sleep(); // let things catch up
wo.btNext().clickMouse();
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -347,8 +379,9 @@ public class AutopsyTestCases {
Random rand = new Random();
new Timeout("pausing", 10000 + (rand.nextInt(15000) + 5000)).sleep();
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -362,8 +395,9 @@ public class AutopsyTestCases {
TreePath tp = jto.findPath(nodeNames);
expandNodes(jto, tp);
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -374,8 +408,9 @@ public class AutopsyTestCases {
JButtonOperator jbo = new JButtonOperator(mwo, "Generate Report");
jbo.pushNoBlock();
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -409,8 +444,9 @@ public class AutopsyTestCases {
new Timeout("pausing", 10000).sleep();
System.setProperty("ReportStr", datenotime);
} catch (TimeoutExpiredException ex) {
screenshot("TimeoutScreenshot");
logger.log(Level.SEVERE, "AutopsyTestCases.testNewCaseWizard encountered timed out", ex);
logSystemDiagnostics();
screenshot("TimeoutScreenshot");
}
}
@ -456,6 +492,7 @@ public class AutopsyTestCases {
UserPreferences.setDatabaseConnectionInfo(connectionInfo);
} catch (UserPreferencesException ex) {
logger.log(Level.SEVERE, "Error saving case database connection info", ex); //NON-NLS
logSystemDiagnostics();
}
//Solr Index settings
UserPreferences.setIndexingServerHost(System.getProperty("solrHost"));
@ -470,6 +507,7 @@ public class AutopsyTestCases {
UserPreferences.setMessageServiceConnectionInfo(msgServiceInfo);
} catch (UserPreferencesException ex) {
logger.log(Level.SEVERE, "Error saving messaging service connection info", ex); //NON-NLS
logSystemDiagnostics();
}
UserPreferences.setZkServerHost(System.getProperty("zooKeeperHost"));
@ -484,6 +522,253 @@ public class AutopsyTestCases {
}
} catch (NoSuchPathException ne) {
logger.log(Level.SEVERE, "Error expanding tree path", ne);
logSystemDiagnostics();
}
}
private void logSystemDiagnostics() {
logger.log(Level.INFO, getSystemDiagnostics());
}
private static final String NEWLINE = System.lineSeparator();
private static final int TOP_NUM = 10;
private static Set<String> IGNORED_PROCESSES = Stream.of("_Total", "Idle", "Memory Compression").collect(Collectors.toSet());
/**
* @return A string of system diagnostic information.
*
* NOTE: currently only works for windows.
*/
private static String getSystemDiagnostics() {
if (PlatformUtil.isWindowsOS()) {
try {
List<Map<String, String>> processPerformance = getWmicTable("wmic path Win32_PerfFormattedData_PerfProc_Process get Name,PercentProcessorTime,IOReadBytesPerSec,IOWriteBytesPerSec,WorkingSetPeak").stream()
.filter(obj -> !IGNORED_PROCESSES.contains(obj.get("name")))
.collect(Collectors.toList());
List<Pair<String, Long>> cpuUsageProcesses = getKeyValLimited(processPerformance, "name", "percentprocessortime");
List<Pair<String, Long>> memUsageProcesses = getKeyValLimited(processPerformance, "name", "workingsetpeak");
List<Triple<String, Long, Long>> ioProcesses = getFilteredLimited(
processPerformance,
obj -> {
String key = obj.get("name");
if (key == null) {
return null;
}
try {
return Triple.of(key, Long.parseLong(obj.get("ioreadbytespersec")), Long.parseLong(obj.get("iowritebytespersec")));
} catch (NumberFormatException | NullPointerException ex) {
return null;
}
},
Comparator.comparing(pr -> -(pr.getMiddle() + pr.getRight())));
String cpuLoad = getWmicString("wmic cpu get loadpercentage", "loadpercentage");
String cpuCores = getWmicString("wmic cpu get numberofcores", "numberofcores");
String freePhysicalMemory = getWmicString("wmic OS get FreeSpaceInPagingFiles", "freespaceinpagingfiles"); // in kb
String totalPhysicalMemory = getWmicString("wmic ComputerSystem get TotalPhysicalMemory", "totalphysicalmemory"); // bytes
String memUsage;
try {
double freeMemMb = Double.parseDouble(freePhysicalMemory) / 1000;
double totalMemMb = Double.parseDouble(totalPhysicalMemory) / 1000 / 1000;
memUsage = MessageFormat.format("Free Physical Memory: {0,number,#.##}MB and total physical: {1,number,#.##}MB", freeMemMb, totalMemMb);
} catch (NumberFormatException ex) {
memUsage = MessageFormat.format("Free Physical Memory: \"{0}\" and total physical: \"{1}\"", freePhysicalMemory, totalPhysicalMemory);
}
List<Triple<String, Long, String>> networkStatus = getFilteredLimited(
getWmicTable("wmic path win32_networkadapter where \"netconnectionstatus = 2 OR NOT errordescription IS NULL\" get netconnectionid, name, speed, maxspeed, errordescription"),
(Map<String, String> obj) -> {
String name = obj.get("netconnectionid");
if (StringUtils.isBlank(name)) {
name = obj.get("name");
}
if (StringUtils.isBlank(name)) {
return null;
}
String errorDescription = obj.get("errordescription");
Long speed = 0L;
try {
speed = Long.parseLong(obj.get("speed"));
} catch (NumberFormatException | NullPointerException ex) {
}
return Triple.of(name, speed, errorDescription);
},
(a, b) -> StringUtils.compareIgnoreCase(a.getLeft(), b.getRight()));
List<Pair<String, Long>> diskStatus = getKeyValLimited(
getWmicTable("wmic path Win32_PerfFormattedData_PerfDisk_LogicalDisk get AvgDiskQueueLength,Name").stream()
.filter(obj -> !IGNORED_PROCESSES.contains(obj.get("name")))
.collect(Collectors.toList()),
"name",
"avgdiskqueuelength");
return "SYSTEM DIAGNOSTICS:" + NEWLINE
+ MessageFormat.format("CPU Load Percentage: {0}% with {1} cores", cpuLoad, cpuCores) + NEWLINE
+ MessageFormat.format("Memory Usage: {0}", memUsage) + NEWLINE
+ "Disk Usage (disk to average disk queue length): " + NEWLINE
+ diskStatus.stream().map(pr -> pr.getKey() + ": " + pr.getValue()).collect(Collectors.joining(NEWLINE)) + NEWLINE
+ NEWLINE
+ "Network Status (of only connected or error): " + NEWLINE
+ networkStatus.stream().map(obj -> {
String errorString = StringUtils.isBlank(obj.getRight()) ? "" : MessageFormat.format(" (error: {0})", obj.getRight());
return MessageFormat.format("{0}: {1,number,#.##}MB/S possible {2}", obj.getLeft(), ((double) obj.getMiddle()) / 1000 / 1000, errorString);
}).collect(Collectors.joining(NEWLINE)) + NEWLINE
+ NEWLINE
+ "CPU consuming processes: " + NEWLINE
+ cpuUsageProcesses.stream().map(pr -> MessageFormat.format("{0}: {1}%", pr.getKey(), pr.getValue())).collect(Collectors.joining(NEWLINE)) + NEWLINE
+ NEWLINE
+ "Memory consuming processes (working set peak): " + NEWLINE
+ memUsageProcesses.stream()
.map(
pr -> MessageFormat.format(
"{0}: {1,number,#.##}MB",
pr.getKey(),
((double) pr.getValue()) / 1000 / 1000
)
)
.collect(Collectors.joining(NEWLINE)) + NEWLINE
+ NEWLINE
+ "I/O consuming processes (read/write): " + NEWLINE
+ ioProcesses.stream()
.map(
pr -> MessageFormat.format(
"{0}: {1,number,#.##}MB/{2,number,#.##}MB", pr.getLeft(),
((double) pr.getMiddle()) / 1000 / 1000,
((double) pr.getRight()) / 1000 / 1000
)
)
.collect(Collectors.joining(NEWLINE)) + NEWLINE;
} catch (Throwable ex) {
return "SYSTEM DIAGNOSTICS:" + NEWLINE
+ "Encountered IO exception: " + ex.getMessage() + NEWLINE;
}
} else {
return "System diagnostics only implemented for windows at this time.";
}
}
/**
* Returns a pair of a string key and long number value limited to TOP_NUM of the highest number values.
* @param objects The list of objects.
* @param keyId The id of the key in the map.
* @param valId The id of the value in the map.
* @return The highest valued key value pairs.
*/
private static List<Pair<String, Long>> getKeyValLimited(List<Map<String, String>> objects, String keyId, String valId) {
return getFilteredLimited(
objects,
obj -> {
String key = obj.get(keyId);
if (key == null) {
return null;
}
try {
return Pair.of(key, Long.parseLong(obj.get(valId)));
} catch (NumberFormatException | NullPointerException ex) {
return null;
}
},
Comparator.comparing(pr -> -pr.getValue()));
}
/**
* Returns a list of a given type limited to TOP_NUM of the first values.
* @param objects The objects to sort and filter.
* @param keyObjMapper Maps the list of map objects to the new new value.
* @param comparator Comparator determining first values.
* @return The list capped at TOP_NUM.
*/
private static <T> List<T> getFilteredLimited(List<Map<String, String>> objects, Function<Map<String, String>, T> keyObjMapper, Comparator<T> comparator) {
return objects.stream()
.map(keyObjMapper)
.filter(a -> a != null)
.sorted(comparator)
.limit(TOP_NUM)
.collect(Collectors.toList());
}
/**
* Runs the command line entry returning standard output.
* @param cmd The command.
* @return The standard output.
* @throws IOException
*/
private static String getProcStdOut(String... cmd) throws IOException {
ProcessBuilder pb = new ProcessBuilder(cmd);
String output = IOUtils.toString(pb.start().getInputStream(), StandardCharsets.UTF_8);
return output;
}
// matches key=value
private static final Pattern EQUALS_PATTERN = Pattern.compile("^([^=]*)=(.*)$");
/**
* Returns a list of maps mapping the wmic header column (lower cased) to
* the value for the row.
*
* @param cmd The wmic command to run.
*
* @return The list of rows.
*
* @throws IOException
*/
private static List<Map<String, String>> getWmicTable(String cmd) throws IOException {
String stdOut = getProcStdOut("cmd", "/c", cmd + " /format:list");
List<Map<String, String>> rows = new ArrayList<>();
Map<String, String> curObj = new HashMap<>();
for (String line : stdOut.split("\\r?\\n")) {
// if line, try to parse as key=value
if (StringUtils.isNotBlank(line)) {
Matcher matcher = EQUALS_PATTERN.matcher(line);
if (matcher.find()) {
String key = matcher.group(1).trim().toLowerCase();
String value = matcher.group(2).trim();
curObj.put(key, value);
}
// if no line and the object has keys, we have finished an entry, add it to the list.
} else if (!curObj.isEmpty()) {
rows.add(curObj);
curObj = new HashMap<>();
}
}
if (!curObj.isEmpty()) {
rows.add(curObj);
curObj = new HashMap<>();
}
return rows;
}
/**
* Returns a string from a wmic query.
* @param wmicQuery The wmic query.
* @param key The key column to return.
* @return The first row's value for the given key.
* @throws IOException
*/
private static String getWmicString(String wmicQuery, String key) throws IOException {
List<Map<String, String>> retVal = getWmicTable(wmicQuery);
if (retVal != null && !retVal.isEmpty() && retVal.get(0) != null && retVal.get(0).get(key) != null) {
return retVal.get(0).get(key);
} else {
return null;
}
}
}


@ -1,5 +1,5 @@
#Updated by build script
#Wed, 01 Dec 2021 12:53:03 -0500
#Wed, 28 Sep 2022 13:57:05 -0400
LBL_splash_window_title=Starting Autopsy
SPLASH_HEIGHT=314
SPLASH_WIDTH=538
@ -8,4 +8,4 @@ SplashRunningTextBounds=0,289,538,18
SplashRunningTextColor=0x0
SplashRunningTextFontSize=19
currentVersion=Autopsy 4.19.2
currentVersion=Autopsy 4.19.3


@ -1,4 +1,4 @@
#Updated by build script
#Wed, 01 Dec 2021 12:53:03 -0500
CTL_MainWindow_Title=Autopsy 4.19.2
CTL_MainWindow_Title_No_Project=Autopsy 4.19.2
#Wed, 28 Sep 2022 13:57:05 -0400
CTL_MainWindow_Title=Autopsy 4.19.3
CTL_MainWindow_Title_No_Project=Autopsy 4.19.3


@ -9,7 +9,7 @@ ActiveMQ is a messaging service that allows the Autopsy clients to communicate w
You will need:
- 64-bit version of the Java 8 Runtime Environment (JRE) from https://github.com/ojdkbuild/ojdkbuild (<a href="https://github.com/ojdkbuild/ojdkbuild/releases/download/java-1.8.0-openjdk-1.8.0.242-1.b08/java-1.8.0-openjdk-1.8.0.242-1.b08.ojdkbuild.windows.x86_64.msi"> Link to installer</a>)
- Download ActiveMQ from: http://activemq.apache.org/download.html . Autopsy has been tested with ActiveMQ version 5.14.0.
- Download ActiveMQ from: http://activemq.apache.org/download.html . Autopsy has been tested with ActiveMQ version 5.14.0. Note that newer versions will not work with Java 8.
\section install_activemq_install Installation
@ -29,7 +29,9 @@ If you need the JRE, install it with the default settings.
<li>Open the <i>conf\\activemq.xml</i> file in the extracted folder in a text editor and make the following changes:
<ul>
<li> Add <i>"schedulePeriodForDestinationPurge="10000""</i> to the _broker_ tag then add <i>"gcInactiveDestinations="true" inactiveTimoutBeforeGC="30000""</i> to the _policyEntry_ tag. This is highlighted in yellow below:
<li> Add <i>"schedulePeriodForDestinationPurge="10000""</i> to the _broker_ tag</li>
<li> Add <i>"gcInactiveDestinations="true" inactiveTimoutBeforeGC="30000""</i> to the _policyEntry_ tag.
<li> These are both highlighted in yellow below:
\image html activeMQ_node_cleanup.png
@ -41,6 +43,8 @@ If you need the JRE, install it with the default settings.
<li>Install ActiveMQ as a service by navigating to the folder <i>bin\\win64</i>, right-clicking _InstallService.bat_, clicking _Run as administrator_, then click _Yes_.
<li>Add the bin\\win64\\wrapper.exe and java.exe (from the JRE) to the Windows firewall so that they can accept network communications.
<li>Start the ActiveMQ service by pressing _Start_, type _services.msc_, and press _Enter_. Find _ActiveMQ_ in the list and press the _Start the service_ link.
<li>ActiveMQ should now be installed and configured using the default credentials.
@ -48,7 +52,7 @@ If you need the JRE, install it with the default settings.
\subsection install_activemq_test Testing
To test your installation, you can access the admin pages in your web browser via a URL like this: http://localhost:8161/admin.
To test your installation, you can access the admin pages in your web browser (on the server) via a URL like this: http://localhost:8161/admin. NOTE that you cannot access this page from other hosts unless you go into jetty.xml and change org.apache.activemq.web.WebConsolePort so that host is 0.0.0.0 (and ensure that it is properly secured).
The default administrator username is _admin_ with a password of _admin_ and the default regular username is _user_ with a default password of _password_. You can change these passwords by following the instructions below.
@ -57,7 +61,7 @@ If you can see a page that looks like the following, it confirms that the Active
\image html activemq.PNG
<br><br>
You can confirm that your ActiveMQ installation is visible to other computers on the network by attempting to connect to a URL like the following (replacing the host name with that of the ActiveMQ computer) in a web browser: http://activemq-computer:61616
You can also confirm that your ActiveMQ installation is visible to other computers on the network by attempting to connect to a URL like the following (replacing the host name with that of the ActiveMQ computer) in a web browser: http://activemq-computer:61616. This will not give you a nice web page, but will give you data from the server.
If you are unable to connect to this address:
- Double check that the ActiveMQ service is running


@ -40,7 +40,7 @@ To install PostgreSQL, perform the following steps:
<br><br>
\image html newPassword.PNG
<br><br>
- Check <i>"Can create databases"</i> on the <i>"Role Privileges"</i> tab.
- For <i>"Role Privileges"</i>, give the user <i>"Can Login?"</i> and <i>"Can create databases"</i>.
<br><br>
\image html newRights.PNG
<br><br>
@ -86,7 +86,7 @@ To this:
Note the removal of the leading number symbol-this uncomments that entry.
<br><br>
4. Still in <i id="max_connections">"C:\Program Files\PostgreSQL\9.5\data\postgresql.conf"</i>, find the entry named _max_connections_ and set it to the number of suggested connections for your configuration. A rule of thumb is add 100 connections for each Automated Ingest Node and 100 connections for each Reviewer node you plan to have in the network. See the screenshot below.
4. Still in <i id="max_connections">"C:\Program Files\PostgreSQL\9.5\data\postgresql.conf"</i>, find the entry named _max_connections_ and set it to the number of suggested connections for your configuration. A rule of thumb is 100 connections per each Automated Ingest node and reviewer node. See the screenshot below.
<br><br>
\image html maxConnections.PNG
<br><br>
@ -98,6 +98,8 @@ Note the removal of the leading number symbol-this uncomments that entry.
\image html postgresqlinstall7.PNG
<br><br>
6. Add the bin\\postgres.exe file to the Windows firewall to allow it to receive connections.
\section install_post_test Testing


@ -114,6 +114,10 @@ Start the "Solr_8.6.3" service, and verify that the service status changes to "R
\image html solr_start_2.png
\subsection install_solr_security AntiVirus Settings
We have observed that Antivirus may detect strings in the Solr indexes as being malware. You should add the Solr data directory to the exclusion list for your security product. We saw this with Windows Defender.
\section install_solr_testing Testing
There are two tests that you should perform to confirm that the Solr machine is configured correctly.


@ -28,7 +28,17 @@ then
exit 1
fi
awk '!/^\s*#?\s*export jreflags=.*$/' $INSTALL_LOC/etc/$APPLICATION_NAME.conf > $INSTALL_LOC/etc/$APPLICATION_NAME.conf.tmp && \
mv $INSTALL_LOC/etc/$APPLICATION_NAME.conf.tmp $INSTALL_LOC/etc/$APPLICATION_NAME.conf && \
echo -e "\nexport jreflags=-Djna.library.path=\"/Library/Frameworks/GStreamer.framework/Versions/1.0/lib\"" >> $INSTALL_LOC/etc/$APPLICATION_NAME.conf
GSTREAMER_LOC=$(brew --prefix gstreamer)
if [[ $? -ne 0 ]]
then
echo "Unable to find homebrew installation of gstreamer" >> /dev/stderr
exit 1
fi
awk '!/^ *#? *export +?(jreflags|GST_PLUGIN_SYSTEM_PATH|GST_PLUGIN_SCANNER)=.*$/' $INSTALL_LOC/etc/$APPLICATION_NAME.conf > $INSTALL_LOC/etc/$APPLICATION_NAME.conf.tmp && \
mv $INSTALL_LOC/etc/$APPLICATION_NAME.conf.tmp $INSTALL_LOC/etc/$APPLICATION_NAME.conf && \
echo "
export jreflags=\"-Djna.library.path=\\\"/usr/local/lib\\\" \$jreflags\"
export GST_PLUGIN_SYSTEM_PATH=\"/usr/local/lib/gstreamer-1.0\"
export GST_PLUGIN_SCANNER=\"${GSTREAMER_LOC}/libexec/gstreamer-1.0/gst-plugin-scanner\"" >> $INSTALL_LOC/etc/$APPLICATION_NAME.conf
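Review bot: The appended `jreflags` and `GST_PLUGIN_SYSTEM_PATH` lines hard-code `/usr/local/lib`, while the scanner path on the last line is derived from `brew --prefix gstreamer`; on a Homebrew install whose prefix is not `/usr/local` (the Apple Silicon default is `/opt/homebrew`) JNA and GStreamer would search a directory that Homebrew does not manage. Because these settings decide where native libraries and plugins are loaded from, they should all come from one resolved prefix, e.g. `BREW_PREFIX=$(brew --prefix)` followed by `-Djna.library.path=\\\"${BREW_PREFIX}/lib\\\"` and `GST_PLUGIN_SYSTEM_PATH=\"${BREW_PREFIX}/lib/gstreamer-1.0\"`. `$INSTALL_LOC` and `$APPLICATION_NAME` are also expanded unquoted in the awk, mv and append commands, so an install path containing spaces would break the rewrite of the conf file; writing `"$INSTALL_LOC/etc/$APPLICATION_NAME.conf"` avoids that. The script begins before this hunk, so how those variables are set and validated is not visible here.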


@ -2,7 +2,7 @@
# Unzips an application platform zip to specified directory and does setup
usage() {
echo "Usage: install_application_from_zip.sh [-z zip_path] [-i install_directory] [-j java_home] [-n application_name] [-v asc_file]" 1>&2
echo "Usage: install_application.sh [-z zip_path] [-i install_directory] [-j java_home] [-n application_name] [-v asc_file]" 1>&2
echo "If specifying a .asc verification file (with -v flag), the program will attempt to create a temp folder in the working directory and verify the signature with gpg. If you already have an extracted zip, the '-z' flag can be ignored as long as the directory specifying the extracted contents is provided for the installation directory." 1>&2
}


@ -1,27 +1,14 @@
#!/bin/bash
echo "Installing dependencies..."
# dependencies taken from: https://github.com/sleuthkit/autopsy/pull/5111/files
# brew install gettext cppunit && \
brew install ant automake libtool afflib libewf postgresql testdisk
brew install ant automake libtool afflib libewf postgresql testdisk libheif \
gst-libav gst-plugins-bad gst-plugins-base gst-plugins-good gst-plugins-ugly gstreamer
if [[ $? -ne 0 ]]
then
echo "Unable to install necessary dependencies" >> /dev/stderr
exit 1
fi
# brew gstreamer packages don't seem to play nice with autopsy. Installing directly from gstreamer
echo "Installing gstreamer..."
gstreamer_tmp_path=$TMPDIR/gstreamer-1.0-1.20.3-universal.pkg
curl -k -o $gstreamer_tmp_path 'https://gstreamer.freedesktop.org/data/pkg/osx/1.20.3/gstreamer-1.0-1.20.3-universal.pkg' && \
sudo installer -pkg //Users/4911_admin/Downloads/gstreamer-1.0-1.20.3-universal.pkg -target /
gstreamer_install_result=$?
rm $gstreamer_tmp_path
if [[ $? -ne 0 ]]
then
echo "Unable to install gstreamer" >> /dev/stderr
exit 1
fi
echo "Installing liberica java 8..."
brew tap bell-sw/liberica && \
brew install --cask liberica-jdk8-full


@ -1,10 +1,10 @@
#!/bin/bash
# Clones sleuthkit repo from github (if necessary) and installs
# this script does require sudo privileges
# called like: build_tsk.sh -p <repo path to be created or existing> -b <tsk branch to checkout> -r <non-standard remote repo (optional)>
# called like: install_tsk_from_src.sh -p <repo path to be created or existing> -b <tsk branch to checkout> -r <non-standard remote repo (optional)>
usage() {
echo "Usage: install_tsk_from_src [-p repo_path (should end with '/sleuthkit')] [-b tsk_branch] [-r sleuthkit_repo]" 1>&2
echo "Usage: install_tsk_from_src.sh [-p repo_path (should end with '/sleuthkit')] [-b tsk_branch] [-r sleuthkit_repo]" 1>&2
}
# default repo path


@ -4,7 +4,7 @@ app.title=Autopsy
### lowercase version of above
app.name=${branding.token}
### if left unset, version will default to today's date
app.version=4.19.3
app.version=4.20.0
### build.type must be one of: DEVELOPMENT, RELEASE
#build.type=RELEASE
build.type=DEVELOPMENT


@ -1,14 +1,14 @@
et-xmlfile==1.0.1
gitdb==4.0.5
GitPython==3.1.12
jdcal==1.4.1
jproperties==2.1.0
lml==0.1.0
openpyxl==3.0.6
pyexcel==0.6.6
pyexcel-io==0.6.4
pyexcel-xlsx==0.6.0
six==1.15.0
smmap==3.0.4
texttable==1.6.3
XlsxWriter==1.3.7
et-xmlfile>=1.1.0
gitdb>=4.0.10
GitPython>=3.1.29
jdcal>=1.4.1
jproperties>=2.1.1
lml>=0.1.0
openpyxl>=3.0.10
pyexcel>=0.7.0
pyexcel-io>=0.6.6
pyexcel-xlsx>=0.6.0
six>=1.16.0
smmap>=5.0.0
texttable>=1.6.7
XlsxWriter>=3.0.3
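Review bot: Every entry moves from an exact `==` pin to an open-ended `>=` floor, so each install resolves to whatever the newest release on the index is at that moment. The build is then no longer reproducible, and a broken or compromised future release of any of these fourteen packages would be picked up without any change in this repository. If the intent is only to raise the versions, keep exact pins at the new numbers, e.g. `GitPython==3.1.29`, or bound the range with a compatible-release specifier such as `GitPython~=3.1.29`. For stronger integrity the pinned file can carry `--hash=sha256:<digest>` entries and be installed with `pip install --require-hashes`.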


@ -5,7 +5,7 @@
# NOTE: update_sleuthkit_version.pl updates this value and relies
# on it keeping the same name and whitespace. Don't change it.
TSK_VERSION=4.11.1
TSK_VERSION=4.12.0
usage() {